The antivirus is one of the most important programs we can have installed on our computer. It constantly analyzes the computer in the background to detect any threat that could endanger our security. It protects us at all times, whether we are browsing the Internet or connecting an external hard drive to the PC. However, does it always protect us equally well, or is an Internet connection vital to being properly protected?
Nowadays, practically all antivirus products on the market use a feature they call "cloud protection". This feature simply relies on technology such as reputation services or signature databases stored in the cloud to give users the best protection. When we have no Internet connection, protection plummets because only the local database can be used.
But although the cloud can help an antivirus protect us better, to what extent does it improve security?
How the protection of some antivirus products changes when using the cloud
Depending on the security product we use, the variance can be larger or smaller. For example, in the case of Windows Defender, there is a more than considerable difference in protection, ranging from 68.8% when there is no Internet to 96% when we are connected to the Internet. Avast, another well-known antivirus, shows less variance, going from 91% protection when offline to 98.2% when we perform online analysis.
Some antivirus products go from a 50% offline detection rate (such as Panda or Trend Micro) to 83% and 92% respectively when connected.
In addition, real-time (not on-demand) detection rates also tend to improve a lot when we are connected to the Internet compared with when we are offline. In these cases, almost all antivirus products obtained a protection rate of 99.9% or higher, with some reaching 100% (such as McAfee and Norton).
False positives: a worrying problem for some
Detecting many threats does not by itself mean that our security is properly protected. Other aspects of antivirus testing can reveal a significant loss of protection, such as false positives.
In security tests such as those AV-Comparatives performs periodically, it is normal for an antivirus to produce between one and two false positives. It is rare (although possible) for one to generate no false warnings at all, but around two is within acceptable values. Unfortunately, this figure shoots up for some specific security programs.
Panda, for example, is the worst of all, with a total of 153 false positives in the latest tests. K7 was the second worst antivirus, with a total of 56 false positives. BitDefender, G-Data, McAfee, and Norton are other well-known antivirus products that generate too many false detections, resulting in a worse user experience and even in dangers for our PC.